Many Hacks Claimed, Few Confirmed on Anon's Day of Mayhem

Much of the online havoc claimed by Anonymous and its followers to mark Guy Fawkes Day was more of the hack-a-site-and-leave-your-message variety, but one act, if true, could be more problematic. If the personal information posted online actually was taken from Symantec's servers, further data compromises could result, said Ken Baylor, research vice president at NSS Labs.

By Richard Adhikari
11/06/12 5:00 AM PT

Anonymous has been celebrating Guy Fawkes Day by engaging in various acts of mayhem online and turning out in person at sites across the globe to protest. Some of the reported hacks have turned out to be unsubstantiated.

The attack claims include Symantec and ImageShack. PayPal also was reported to have been hacked, but a spokesperson says that's not true.

Anonymous has also announced that it's going to launch phase two of Operation maZynga, an attack it launched against Zynga last week.

Further, the collective held a march Monday night on Trafalgar Square in London.

Also to mark the day Monday, Anonymous said it would bring TYLER, its peer-to-peer Wikileaks project for whistleblowers everywhere, out of beta.

The Anonymous Hacks

Anonymous posted data taken from Symantec, ImageShack, several self-proclaimed hackers and at least one PayPal user on Pastebin. The posting purports to list the names and email addresses of several people hosted on a Symantec domain, data from at least one PayPal user, and information about several of ImageShack's servers.

Symantec's complete database, as well as data from more than 4,000 user accounts -- many of which appeared to be owned by Symantec employees or related companies -- reportedly have been put up on the Pastebin site.

"The Symantec leak is most worrying as encrypted passwords are visible with emails," Ken Baylor, research vice president at
NSS Labs, told TechNewsWorld. "Once they are cracked, they will be leveraged to break into corporate accounts and likely the users' personal accounts, LinkedIn, Facebook, and Twitter accounts for social engineering and further data theft."

Anonymous has owned ImageShack's servers for years, from the ground up, the collective claims. However, it ended its hack of that company when an admin set up an intrusion detector.

The group struck at Symantec because, although it claims to own "all the other major AV corporations, yours just pissed us off the most."

Lack of Evidence

Symantec "is investigating the recent claims made online regarding the security of our networks," spokesperson Mike Bradshaw told TechNewsWorld. "We have found no evidence that customer information was exposed or impacted." The company "will continue to monitor the situation and aggressively investigate these and any related claims."

Whether PayPal was actually hacked remains an open question as well. Anonymous was reported to have hacked 28,000 PayPal accounts, but PayPal also denies this claim.

"It appears that the exploit was not directed at PayPal after all," spokesperson Dave Garcia told TechNewsWorld. "The original story that started this and was retweeted by some of the Anonymous Twitter handles has now been updated."

Preserving the 5th Estate

There also have been reports, which Anonymous itself denied, that had it attacking various NBC sites and targeting Facebook. It repeated that denial Monday in response to a query.

Keeping Things in Context

Symantec has been hacked before, and it could be that this is because it, like many other companies, "focuses on perimeter security and protecting key systems," NSS Labs' Baylor suggested. "What [enterprises] forget is, they have multiple development servers which are extremely vulnerable, and can be used as gateway systems, as many [of these] share accounts and passwords with their key systems."

Websites are attacked "millions of times a day," and "it takes only one lucky hit" to compromise them, Baylor continued. Businesses need to move away from passwords and toward multifactor authentication, cut down on password reuse and put in better controls against botnets.